Hacking With the Net User Command + Carlos Perez’s ‘getgui’ Script

The Net User command – something you wouldn’t really think of using in an everyday situation but if you ever find yourself with access to a computer system (either remotely or physically) then you can use this command to have a little fun. The net user command is something which can be used on Windows machines to add/edit/delete accounts on the computer. It is generally used with the following syntax…

If you have physical access to the computer in question, you can simply pop open a command prompt and enter your commands. If for some reason the command prompt has been restricted by an administrator, try creating a text file with your commands inside it and save it as a .bat file. Once you have created your new user, log in as that account and have your administrator fun.

Using Net User With Remote Access

I went a little over the top with this next paragraph, but it sounds cool so imagine it’s a short story when reading

So here’s the situation – You’re sitting in hospital with a broken leg and nothing better to do than fire up your laptop, which is running our trusty Backtrack operating system. You perform a few scans to see what’s on the network using Nmap -sP or even an autoscan tool, and discover some machines. One of these machines just happens to be a file server or something else of importance to the business. You run a scan with Nmap to check for open ports and you also determine that it’s running on Windows XP, which we all know is a very exploitable operating system. You fire up Metasploit and manage to get a Meterpreter session running. But what now?

Well, we could get a shell up on the machine and simply use the net user command to create a new account, edit an old one or even delete one completely. This works just fine, just like in the previous example. However, there is more we can do with this if we have a Meterpreter session running!

If we’ve got a Meterpreter session running, we can make use of a nice script which will create a new user on the target machine, give it administrator privileges and then attempt to get you a remote desktop interface to play with. Run the following command…

run getgui -u USERNAME -p PASSWORD

And that’s it. Seriously. If you have any luck, you’ll be given a GUI.